Udp_scan is part of the old SATAN tool. It is a command-line UDP-only scanner for Unix. It can be downloaded separately from SATAN with its TCP scanning partner, tcp_scan, at ftp://ftp.porcupine.org/pub/security/port-scan.tar.gz. Udp_scan is reliable, but like another Unix TCP-only scanner called strobe, it has all but been overshadowed by newer tools. Although it is considered to be one of the ancient tools, its technique was the basis for just about all other UDP scanning tools.
Installation
Like most Unix programs, udp_scan is distributed as source code. After you download and untar port-scan.tar.gz, change to the port-scan directory and run the make command.
Udp_scan’s usage is very simple; give it an IP address and a range of ports and let it do its thing.
# ./udp_scan 192.168.1.102 1-1024
137:netbios-ns:
138:netbios-dgm:
445:UNKNOWN:
500:UNKNOWN
Behind the scenes, udp_scan uses the same technique used by ScanLine to optimize its scanning routines. Before it does anything, udp_scan sends a UDP packet to UDP port 1 (by default) on the target host. It then waits to receive an ICMP port unreachable error. If it gets none, it assumes the target host is dead (even though a firewall may just be blocking the ICMP error) and doesn’t continue the scan. The UDP test port 1 can be changed to any port using the -p <port> option. The test port should always be a UDP port that is not being used by any service on the target host.
Udp_scan carefully watches its performance as it works through the port scan. By default, it can open up to 100 simultaneous UDP connections. (You can change this upper limit by specifying a -l <max_connections> option on the command line.) It uses the round-trip travel time for packets, determined by the initial test port probe, to calculate the maximum number of simultaneous probes that the network can handle. Every UDP packet sent by udp_scan contains only one data byte (the character 0) in an effort to minimize bandwidth usage while obtaining the most accurate results. Some UDP services and port filters respond differently to UDP packets with zero data bytes than UDP packets with an actual data payload.
You can use only a few other options with udp_scan. The -a option tells udp_scan to print out all the errors it encounters as well as the reachable UDP ports. The -u option tells you about any ICMP host unreachable errors it receives, printing the number of the UDP port that returned the error. On the other hand, the -U option tells you the exact opposite, printing the ports that do not return ICMP host unreachable errors. The only other thing you can specify to udp_scan is a source UDP port to use, by indicating -s <source_port> on the command line.
Udp_scan has a few limitations. Because it uses raw ICMP sockets, udp_scan can be run only as root or with superuser privileges (uid 0). Also, like WUPS, it can handle only one IP address at a time.
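The technique above depends on matching each ICMP port unreachable error read from the raw ICMP socket back to the UDP port that was probed; a network sensor counting these errors to spot a UDP sweep does the same parsing. The following is an added example, not code from udp_scan or SATAN. The function names are hypothetical, the sample packet is constructed, and it assumes IPv4 and a Linux-style raw socket that delivers the outer IP header.

```c
/* Added example: map an ICMP port-unreachable error back to the probed UDP port. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* pkt is one datagram as read from a raw ICMP socket (assumption: the outer IPv4
 * header is included). Returns the quoted UDP destination port if this is a type 3 /
 * code 3 error for a probe sent to `target`, otherwise -1. Checksums are not verified. */
int unreachable_udp_port(const uint8_t *pkt, size_t len, const uint8_t target[4])
{
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || pkt[9] != 1 || len < ihl + 8) return -1;      /* 1 = ICMP */
    const uint8_t *icmp = pkt + ihl;
    if (icmp[0] != 3 || icmp[1] != 3) return -1;                  /* port unreachable only */
    const uint8_t *q = icmp + 8;                                  /* quoted probe headers */
    size_t left = len - ihl - 8;
    if (left < 20 || (q[0] >> 4) != 4) return -1;
    size_t qihl = (size_t)(q[0] & 0x0f) * 4;
    if (qihl < 20 || left < qihl + 8 || q[9] != 17) return -1;    /* 17 = UDP */
    if (memcmp(q + 16, target, 4) != 0) return -1;                /* quoted dst is not target */
    return (q[qihl + 2] << 8) | q[qihl + 3];                      /* UDP destination port */
}

/* Constructed sample: the 56-byte error `target` would return for a probe to `port`. */
size_t make_sample(uint8_t *buf, const uint8_t target[4], uint16_t port, uint8_t code)
{
    memset(buf, 0, 56);
    buf[0] = 0x45; buf[9] = 1;  memcpy(buf + 12, target, 4);      /* outer IP, from target */
    buf[20] = 3;   buf[21] = code;                                /* ICMP type 3 + code */
    buf[28] = 0x45; buf[37] = 17; memcpy(buf + 44, target, 4);    /* quoted IP, to target */
    buf[50] = (uint8_t)(port >> 8); buf[51] = (uint8_t)port;      /* quoted UDP dest port */
    return 56;
}

int main(void)
{
    const uint8_t target[4] = {192, 168, 1, 102};
    uint8_t buf[56];
    size_t n = make_sample(buf, target, 1, 3);                    /* answer to test port 1 */
    printf("test port answer: %d\n", unreachable_udp_port(buf, n, target));
    return 0;
}
```

A port for which this returns a value is closed; a port that never produces such an error is what the scan reports as reachable, which is also why a firewall dropping the ICMP errors makes every port look open or the host look dead.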
October 26, 2007 at 5:26 am
If I'm not mistaken, the SATAN scanner is the one that used to be popular, right, Hen? But it seems like Nikto still has more bite, is that true, Hen?
October 28, 2007 at 1:38 pm
Well, Nikto is for checking vulnerable web servers.
October 30, 2007 at 11:47 pm
I'm the most OOT when it comes to this kind of thing.